Jenkins – How to manage Jenkins project’s authorization using Active Directory users and groups


I have Jenkins installed plus the Active Directory plugin. I can succesfully log in with domain accounts and I have set 'Domain Admins' to have full control over Jenkins. I would like to remove some overhead managing who can access which projects and delegate this to projects managers.

I was planning on doing this by creating project bases AD groups and make the project manager the owner of this group. Then I would create an Exchange distribution group based on that AD group. This way the project manager can define who is a member of this group through Outlook or Outlook Web Access just by removing/adding people to the mailing list

I am trying to find where to set the authorized AD group to a Jenkins project, but there seems to be no such option. Do I need some special plugins or where can I set the AD group that can access a project?

Finally I would do an admin Jenkins job that would create an AD group under OU=Projects,CN=ProjectX. Make some user own it and then create a Jenkins project with the freshly created group and project name data.

Best Solution

I have not used Active Directory plugin but this may be what you're looking for: Go to Jenkins > Manage Jenkins > Configure Global Security > Enable security (Enable check-box). Now in Authorization section, select Project-based Matrix Authorization Strategy if you want to provide access separately on per-project basis.

enter image description here

So, once you select Project-based Matrix Authorization Strategy, you will have to go to job's configuration page and select Enable project-based security option (refer screenshot below). There you can specify the users who will have access to the given job.

enter image description here

You should also go through comments (especially one by 'pcampbell') on this link. It might help.

Related Question